Lack of HTTPS on iOS App Store left users open to attacks, researcher says